djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

supervisor_discovery_test.go tests hostnames are treated as case-insensitive

Browse Source 
Signed-off-by: Ryan Richard <richardry@vmware.com>
This commit is contained in:
Andrew Keesler 2020-10-28 13:09:20 -07:00 committed by Ryan Richard
parent 8ff64d4c1a
commit bd04570e51
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
test/integration/supervisor_discovery_test.go
View File

@ -118,7 +118,8 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) {
address := env.SupervisorHTTPSAddress // hostname and port for direct access to the supervisor's port 443 address := env.SupervisorHTTPSAddress // hostname and port for direct access to the supervisor's port 443
hostAndPortSegments := strings.Split(address, ":") hostAndPortSegments := strings.Split(address, ":")
hostname := hostAndPortSegments[0] // hostnames are case-insensitive, so test mis-matching the case of the issuer URL and the request URL
hostname := strings.ToLower(hostAndPortSegments[0])
port := "443" port := "443"
if len(hostAndPortSegments) > 1 { if len(hostAndPortSegments) > 1 {
port = hostAndPortSegments[1] port = hostAndPortSegments[1]
@ -154,7 +155,9 @@ func TestSupervisorTLSTerminationWithDefaultCerts(t *testing.T) {
sniCA := createTLSCertificateSecret(ctx, t, ns, hostname, nil, sniCertificateSecretName, kubeClient) sniCA := createTLSCertificateSecret(ctx, t, ns, hostname, nil, sniCertificateSecretName, kubeClient)
// Now that the Secret exists, we should be able to access the endpoints by hostname using the CA from the SNI cert. // Now that the Secret exists, we should be able to access the endpoints by hostname using the CA from the SNI cert.
_ = requireDiscoveryEndpointsAreWorking(t, scheme, address, string(sniCA.Bundle()), issuerUsingHostname, nil) // Hostnames are case-insensitive, so the request should still work even if the case of the hostname is different
// from the case of the issuer URL's hostname.
_ = requireDiscoveryEndpointsAreWorking(t, scheme, strings.ToUpper(hostname)+":"+port, string(sniCA.Bundle()), issuerUsingHostname, nil)
// And we can still access the other issuer using the default cert. // And we can still access the other issuer using the default cert.
_ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil) _ = requireDiscoveryEndpointsAreWorking(t, scheme, ipWithPort, string(defaultCA.Bundle()), issuerUsingIPAddress, nil)